# Table of contents
* [Malware Study Notes](README.md)
## Persistence
* [Services](persistence/service/README.md)
  * [Creating a Service](persistence/service/new-service.md)
  * [Modifying a Service](persistence/service/edit-service.md)
  * [Hiding a Service](persistence/service/hide-service.md)
  * [Hijacking a Service](persistence/service/hijack-service.md)
* [Startup Items](persistence/startup/README.md)
  * [Registry](persistence/startup/registry.md)
  * [Folder](persistence/startup/folder.md)
* [User Accounts](persistence/user/README.md)
  * [Adding a User](persistence/user/add-user.md)
  * [Hiding a User](persistence/user/hide-user.md)
* [DLL Hijacking](persistence/dll-hijack/README.md)
  * [Hijacking Autorun Programs](persistence/dll-hijack/hijack-autorun-programs.md)
  * [Hijacking .NET Programs](persistence/dll-hijack/hijack-.net-program.md)
* [COM Hijacking](persistence/com-hijack/README.md)
  * [COM Hijacking](persistence/com-hijack/com-hijack.md)
* [Image File Execution Options Hijacking](persistence/image-file-execution-options/README.md)
  * [Image File Execution Options Hijacking](persistence/image-file-execution-options/image-file-execution-options.md)
* [Scheduled Tasks](persistence/schtasks/README.md)
  * [Creating a Task](persistence/schtasks/add-schtasks.md)
* [WMI](persistence/wmi/README.md)
  * [WMI Events](persistence/wmi/wmi-event.md)
* [Office](persistence/office/README.md)
  * [VSTO](persistence/office/vsto.md)
  * [WLL/XLL](persistence/office/wll-xll.md)
  * [Template Files](persistence/office/macro-enabled-add-in-file.md)
  * [COM Hijacking](persistence/office/com-hijack.md)
* [BITS Jobs](persistence/bits-jobs/README.md)
  * [BITS](persistence/bits-jobs/bits.md)
* [Rootkit](persistence/rootkit/README.md)
  * [Rootkit](persistence/rootkit/rootkit.md)
* [Uncategorized](persistence/uncatelogued/README.md)
  * [Windows Telemetry](persistence/uncatelogued/windows-telemetry.md)
  * [File Replacement](persistence/uncatelogued/replace-file.md)
  * [AppInit\_DLLs Injection](persistence/uncatelogued/appinit-dlls-inject.md)
  * [Sticky Keys](persistence/uncatelogued/sethc.exe.md)
  * [cmd Startup Hijacking](persistence/uncatelogued/command-processor.md)
  * [Screen Saver](persistence/uncatelogued/screen-save.md)
  * [Registering an SSP DLL](persistence/uncatelogued/ssp-dll.md)
  * [AddMonitor](persistence/uncatelogued/addmonitor.md)
  * [Abusing PowerShell Profiles](persistence/uncatelogued/powershell-profile.md)
  * [W32Time](persistence/uncatelogued/w32time.md)
  * [UWP](persistence/uncatelogued/uwp.md)
  * [Waitfor](persistence/uncatelogued/waitfor.md)
  * [Bios](persistence/uncatelogued/bios.md)
  * [Hijacking Update Programs](persistence/uncatelogued/hijack-update-program.md)
  * [Abusing LAPS](persistence/uncatelogued/laps.md)
  * [SDB Files](persistence/uncatelogued/sdb.md)
## Privilege Escalation
* [UAC Bypass](privilege-escalation/untitled-4.md)
* [Vulnerabilities](privilege-escalation/bug.md)
* [Misconfigurations](privilege-escalation/wrong-config.md)
## Lateral Movement
* [WMI](lateral-movement/wmi.md)
* [RPC](lateral-movement/rpc.md)
* [DCOM](lateral-movement/dcom.md)
* [HASH](lateral-movement/hash.md)
* [Kerberos tickets](lateral-movement/kerberos-tickets.md)
## File Structure
* [Office](file/office.md)
* [LNK](file/lnk/README.md)
  * [Phishing LNK](file/lnk/phishing-lnk.md)
* [PE](file/pe.md)
* [CHM](file/chm/README.md)
  * [Phishing CHM](file/chm/phishing-chm.md)
## Injection
* [Injection](inject/inject.md)
## Anti-Analysis
* [Anti-VM/Sandbox](anti-analysis/anti-vm-sandbox.md)
## Obtaining User Passwords or Hashes
* [SMB](get-password/smb.md)
* [Injecting mstsc.exe](get-password/inject-mstsc.exe.md)
* [Mimikatz](get-password/mimikatz.md)
* [NPLogonNotify](get-password/nplogonnotify.md)
* [Tickets](get-password/tickets.md)
## Process Chain
* [Starting a Process](process/creat-new-process.md)
## Disabling Antivirus
* [Disabling WD](disable-av/disable-wd.md)
## AMSI
* [Bypassing AMSI](amsi/bypass-amsi.md)
## Memory Dumping
* [MiniDumpWriteDump](dump/untitled.md)
* [Shellcode](dump/shellcode.md)
* [SilentProcessExit](dump/silentprocessexit.md)
* [procdump](dump/procdump.md)
* [Task Manager/Process Explorer](dump/task-manager-process-explorer.md)
* [Sqldumper](dump/sqldumper.md)
* [comsvcs.dll](dump/comsvcs.dll.md)
* [WinPmem](dump/winpmem.md)
* [ProcessDump.exe](dump/processdump.exe.md)
* [Dumpert](dump/dumpert.md)
* [BSOD](dump/bsod.md)
* [PPLdump](dump/ppldump.md)
* [Hibernation](dump/hibernation.md)
## Trojan Analysis
* [Stealer](rats/stealer/README.md)
  * [Input Method](rats/stealer/shu-ru-fa.md)
* [Hidden Remote](rats/hidden-remote.md)
## Common Tools
* [Untitled](tools/untitled.md)
## Odd Tidbits of Who-Knows-What Use
* [Odd Tidbits of Who-Knows-What Use](tips/some-tips.md)